use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.
the class XmlX509Certprofile method initSmimeCapabilities.
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = ObjectIdentifiers.id_smimeCapabilities;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
SMIMECapabilities extConf = (SMIMECapabilities) getExtensionValue(type, extensionsType, SMIMECapabilities.class);
if (extConf == null) {
return;
}
List<SMIMECapability> list = extConf.getSMIMECapability();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (SMIMECapability m : list) {
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getCapabilityID().getValue());
ASN1Encodable params = null;
org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters capParams = m.getParameters();
if (capParams != null) {
if (capParams.getInteger() != null) {
params = new ASN1Integer(capParams.getInteger());
} else if (capParams.getBase64Binary() != null) {
params = readAsn1Encodable(capParams.getBase64Binary().getValue());
}
}
org.bouncycastle.asn1.smime.SMIMECapability cap = new org.bouncycastle.asn1.smime.SMIMECapability(oid, params);
vec.add(cap);
}
ASN1Encodable extValue = new DERSequence(vec);
smimeCapabilities = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.
the class AdmissionSyntaxOption method getExtensionValue.
public ExtensionValue getExtensionValue(List<List<String>> registrationNumbersList) throws BadCertTemplateException {
if (!this.inputFromRequestRequired) {
return this.extensionValue;
}
if (CollectionUtil.isEmpty(registrationNumbersList)) {
throw new BadCertTemplateException("registrationNumbersList must not be empty");
}
final int n = registrationNumbersList.size();
if (n != this.admissionsList.size()) {
throw new BadCertTemplateException("invalid size of Admissions in AdmissionSyntax: " + "is=" + n + ", expected=" + this.admissionsList.size());
}
// check registrationNumbers
List<List<String>> newRegNumbersList = new ArrayList<>(this.admissionsList.size());
for (int i = 0; i < n; i++) {
AdmissionsOption ao = this.admissionsList.get(i);
List<ProfessionInfoOption> pi = ao.getProfessionInfos();
List<String> registrationNumbers = registrationNumbersList.get(i);
final int k = registrationNumbers.size();
if (k != pi.size()) {
throw new BadCertTemplateException("invalid size of ProfessionInfo in Admissions[" + i + "], is=" + k + ", expected=" + pi.size());
}
List<String> newRegNumbers = new ArrayList<>(k);
newRegNumbersList.add(newRegNumbers);
for (int j = 0; j < k; j++) {
RegistrationNumberOption option = pi.get(j).getRegistrationNumberOption();
if (option == null || option.getConstant() != null) {
continue;
}
Pattern regex = option.getRegex();
String regNum = registrationNumbers.get(j);
if (regNum == null || !regex.matcher(regNum).matches()) {
throw new BadCertTemplateException("invalid registrationNumber[" + i + "][" + j + "]: '" + regNum + "'");
}
newRegNumbers.add(regNum);
}
}
ASN1EncodableVector vec = new ASN1EncodableVector();
for (int i = 0; i < this.admissionsList.size(); i++) {
AdmissionsOption ao = this.admissionsList.get(i);
List<ProfessionInfoOption> piList = ao.getProfessionInfos();
ProfessionInfo[] pis = new ProfessionInfo[piList.size()];
for (int j = 0; j < pis.length; j++) {
ProfessionInfoOption pio = piList.get(j);
DirectoryString[] professionItems = null;
int size = pio.getProfessionItems().size();
professionItems = new DirectoryString[size];
for (int k = 0; k < size; k++) {
professionItems[k] = new DirectoryString(pio.getProfessionItems().get(k));
}
ASN1OctetString addProfessionInfo = null;
if (pio.getAddProfessionalInfo() != null) {
addProfessionInfo = new DEROctetString(pio.getAddProfessionalInfo());
}
RegistrationNumberOption regNumOption = pio.getRegistrationNumberOption();
String registrationNumber = null;
if (regNumOption != null) {
if (regNumOption.getConstant() != null) {
registrationNumber = regNumOption.getConstant();
} else {
registrationNumber = newRegNumbersList.get(i).get(j);
}
}
pis[i] = new ProfessionInfo(pio.getNamingAuthority(), professionItems, pio.getProfessionOids().toArray(new ASN1ObjectIdentifier[0]), registrationNumber, addProfessionInfo);
}
vec.add(new Admissions(ao.getAdmissionAuthority(), ao.getNamingAuthority(), pis));
}
return new ExtensionValue(critical, new AdmissionSyntax(admissionAuthority, new DERSequence(vec)));
}
use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.
the class X509SelfSignedCertBuilder method addExtensions.
// method generateCertificate
private static void addExtensions(X509v3CertificateBuilder certBuilder, IdentifiedX509Certprofile profile, X500Name requestedSubject, X500Name grantedSubject, Extensions extensions, SubjectPublicKeyInfo requestedPublicKeyInfo, PublicCaInfo publicCaInfo, Date notBefore, Date notAfter) throws CertprofileException, IOException, BadCertTemplateException {
ExtensionValues extensionTuples = profile.getExtensions(requestedSubject, grantedSubject, extensions, requestedPublicKeyInfo, publicCaInfo, null, notBefore, notAfter);
if (extensionTuples == null) {
return;
}
for (ASN1ObjectIdentifier extType : extensionTuples.getExtensionTypes()) {
ExtensionValue extValue = extensionTuples.getExtensionValue(extType);
certBuilder.addExtension(extType, extValue.isCritical(), extValue.getValue());
}
}
use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.
the class XmlX509CertprofileUtil method buildConstantExtesions.
// method buildExtKeyUsageOptions
public static Map<ASN1ObjectIdentifier, ExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
if (extensionsType == null) {
return null;
}
Map<ASN1ObjectIdentifier, ExtensionValue> map = new HashMap<>();
for (ExtensionType m : extensionsType.getExtension()) {
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
continue;
}
if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
continue;
}
ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
byte[] encodedValue = extConf.getValue();
ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
ASN1Encodable value;
try {
value = parser.readObject();
} catch (IOException ex) {
throw new CertprofileException("could not parse the constant extension value", ex);
}
ExtensionValue extension = new ExtensionValue(m.isCritical(), value);
map.put(oid, extension);
}
if (CollectionUtil.isEmpty(map)) {
return null;
}
return Collections.unmodifiableMap(map);
}
use of org.xipki.ca.api.profile.ExtensionValue in project xipki by xipki.
the class XmlX509Certprofile method initRestriction.
private void initRestriction(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = ObjectIdentifiers.id_extension_restriction;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
Restriction extConf = (Restriction) getExtensionValue(type, extensionsType, Restriction.class);
if (extConf == null) {
return;
}
DirectoryStringType stringType = XmlX509CertprofileUtil.convertDirectoryStringType(extConf.getType());
ASN1Encodable extValue = stringType.createDirectoryString(extConf.getText());
restriction = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}
Aggregations